[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pcAnywhere and isakmpd

To: "'misc@openbsd.org'" <misc@openbsd.org>
Subject: Re: pcAnywhere and isakmpd
From: Marcus Watts <mdw@umich.edu>
Date: Mon, 09 Dec 2002 22:34:46 -0500

Various wrote:
> From: "Beukers, W.J." <WBeukers@vanleeuwen.nl>
> To: "'Michael Erdely'" <mike@erdelynet.com>
> Cc: "'misc@openbsd.org'" <misc@openbsd.org>
> Subject: Re: pcAnywhere and isakmpd
> Date: Mon, 9 Dec 2002 12:46:18 +0100 
> 
> All i can say that i used pc-anywhere over a openbsd 3.1 isakmpd firewall
> (3des sha1) as well (that is, until recently) and it worked fine..i use vnc,
> pcanywhere both and both speeds are fine to work with. I used pgpnet
> however...
> 
> -----Oorspronkelijk bericht-----
> Van: Michael Erdely [mailto:mike@erdelynet.com]
> Verzonden: Tuesday, December 03, 2002 11:10 PM
> Aan: misc@openbsd.org
> Onderwerp: pcAnywhere and isakmpd
> 
> 
> Hello,
> 
> I have an OpenBSD 3.1 firewall that is also running isakmpd configured
> to use 3des and sha1.  I'm using SSH Sentinel to connect to isakmpd to
> gain access to my private network.
> 
> pcAnywhere connections through the VPN are terribly slow.  They're
> almost unusable.
> 
> There are multiple pcAnywhere hosts on the private network (behind the
> VPN/firewall) and all of them exhibit the same behavior.
> 
> I was almost at the end of my rope when I decided to try VNC.  VNC works
> very well.  This is my first experience of having VNC out-perform
> pcAnywhere.  While VNC is an OK solution for the short term, we want to
> continue using pcAnywhere for it's user/password management.
> 
> Does anyone have any ideas on why pcAnywhere would behave so poorly when
> other traffic (VNC, NetBIOS file transfers) behave normally?
> 
> Let me know if I should provide any additional information.

I've heard that pcAnywhere is very sensitive to packet loss, and
I think I've also heard that it's not as smart about screen updates
as VNC.  I would check for:
	network packet loss
	network throughput
"tcpdump" run at both ends could collect the raw data for this,
but you may need to write something to be smart about detecting lost
packets and looking for signs of a throughput issue.  You might also
look to see if you're fragmenting packets - that can magnify network
difficulties.  I don't know that you could learn anything from doing a
"netstat -s" on the openbsd firewalls, but it can't hurt to check for
evidence of distress there.

Oh, here's something else weird to look for: with pcAnywhere and
isakmpd, are you expecting to see a *lot* of data sent out from
a tcp connection originated on openbsd, without any sort of ack
going the other way in tcp in the middle?  How fast is "scp"
to the openbsd firewall?  How fast is "ftp"?

					-Marcus Watts

References:
- Re: pcAnywhere and isakmpd
  - From: "Beukers, W.J." <WBeukers@vanleeuwen.nl>

Prev by Date: Re: 3.2: pf_test not called from if_bridge.c
Next by Date: Re: hme problems on netra t1 105
Prev by thread: Re: pcAnywhere and isakmpd
Next by thread: -current ports problem
Index(es):
- Date
- Thread